Privacy Policy

Privacy Notice

Effective date: 08-10-2025

1. Who I am

I am Dr Adriana Hardisty, a trainee psychosexual psychotherapist and qualified general practitioner offering psychosexual counselling services to adults in the United Kingdom.


My business operates as Dr Adriana - Psychosexual Psychotherapist (Sole Trader).


You can contact me at:


📧 hello@dradriana.co.uk  📍 Online only

 

I am currently registered (R/N 4933) as a trainee with the CoSRT (https://www.cosrt.org.uk/) studying with the Institute of Psychosexual Psychotherapy (https://instituteofpsychosexualpsychotherapy.org/)

 

I am a registered GP with the General Medical Council (https://www.gmc-uk.org/) GMC R/N 7499934

 

I am registered with the Information Commissioner’s Office (ICO) as a data controller – registration number CSN4645930

 

 

2. The information I collect

To provide therapy safely and effectively, I may collect and store the following types of information:

 

Identity details

Name, contact information, date of birth, GP details, emergency contact

Session records

Notes taken during or after sessions, treatment plans, supervision notes

Administrative information

Invoices, payment records, appointment history, correspondence

Sensitive (“special category”) data

Information about mental and physical health, sexuality, relationships, gender identity, sexual history and experiences shared in therapy

 

 

3. Why I collect it (purpose)

I collect and process this information so that I can:

  • Deliver counselling and psychosexual therapy sessions safely and ethically;

     
  • Maintain accurate clinical records;

     
  • Manage appointments, billing and correspondence;

     
  • Fulfil legal and professional obligations (for example, record-keeping, supervision, safeguarding, and tax).

     

 

 

4. Lawful bases for processing

Under UK GDPR, the lawful bases I rely on are:

 

General personal data

Article 6(1)(b) – processing necessary for the performance of a contract (therapy agreement).Article 6(1)(f) – legitimate interests (administration, supervision, record-keeping).

Special category (health/sexual) data

Article 9(2)(h) – necessary for the provision of health care or treatment by a health professional bound by confidentiality.

Consent (if applicable)

Article 6(1)(a) and 9(2)(a) – explicit consent for specific optional processing (e.g., sharing information with another professional at your request).

 

 

5. How your information is stored

  • Electronic notes and records are stored via secure software, which is fully GDPR-compliant.

     
  • Devices used to access records are encrypted and password-protected.

     
  • Paper records (if any) are kept in a locked cabinet in a secure location.

     
  • Communications via email are stored in a secure webmail with encryption in transit.
     

 

 

6. How long your information is kept

Clinical records are retained for seven (7) years after the end of therapy, unless professional or legal requirements oblige a different period.
After that, data are securely deleted or shredded.

 

 

7. Sharing your information

I keep your information confidential.
It may be shared only when:

  • You have given explicit written consent (for example, to liaise with your GP or another professional);

     
  • I am legally obliged to disclose information (for example, safeguarding concerns, risk of serious harm, court order);

     
  • My clinical supervisor may review anonymised information to support safe practice;

     
  • My accountant or HMRC may access limited financial data for tax purposes.

     

All third-party providers sign data-processing agreements that meet UK GDPR standards.

 

 

8. Your rights

Under data-protection law you have the right to:

 

  • Access a copy of your personal data;

     
  • Rectify inaccuracies;

     
  • Request erasure (within legal/ethical limits);

     
  • Restrict or object to processing;

     
  • Data portability (receive an electronic copy);

     
  • Complain to the ICO if you believe your data rights have been infringed.

     

Contact:


Information Commissioner’s Office


ico.org.uk Tel 0303 123 1113

 

 

9. Security and breach notification

 

I use encryption, strong passwords, and two-factor authentication where available.
If a data breach occurs that risks your rights or privacy, I will notify you and the ICO within 72 hours as required by law.

 

 

10. Updates

 

This privacy notice may be updated from time to time. The latest version will always appear on dradriana.co.uk, and material changes will be communicated by email when relevant.

 

 

©Copyright 2025. All rights reserved.

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.